﻿<%
'check injection
Dim sRequest
sRequest=Request.QueryString
if  instr(UCASE(sRequest),"UPDATE ")>0 or instr(UCASE(sRequest),"CAST")>0 or instr(UCASE(sRequest),"--")>0 or instr(UCASE(sRequest),"INSERT")>0 or instr(UCASE(sRequest),"CONVERT")>0 or instr(UCASE(sRequest),"EXEC")>0 then
	Response.Write ("Ko duoc su dung cac query SQL tren URL!")	
	Response.End
end if

'Thong tin login DB

Dim sServerName
Dim sDatabaseName
Dim sLoginName
Dim sLoginPassword

Dim adoCon 			
Dim strCon			
Dim rsCommon			
Dim strSQL

sServerName	= "(local)"
sDatabaseName	= "thcnpm"
sLoginName	= "admindb"
sLoginPassword	= "password"

strCon = "Provider=sqloledb;Data Source=" & sServerName & ";Initial Catalog=" & sDatabaseName & ";User Id=" & sLoginName & ";Password=" & sLoginPassword & ";"
	'strCon = "Provider=SQLOLEDB;Connection Timeout=90;" & strCon
		
	Set adoCon = Server.CreateObject("ADODB.Connection")
	
	'Intialise the main ADO recordset object
	Set rsCommon = Server.CreateObject("ADODB.Recordset")
	
	adoCon.connectionstring = strCon
	
	'Set an active connection to the Connection object
	adoCon.Open

	
Public Sub closeDatabase()

	'Close recordset
	If isObject(rsCommon) Then
		Set rsCommon = Nothing
	End If
	
	'Close Database Connection
	If isObject(adoCon) Then
		adoCon.Close
		Set adoCon = Nothing
	End If
End Sub
	
%>